fortinet

Vendors · fortinet

· 74 Critical1,123 known vulnerabilities across 255 products

Total CVEs

1,123

Critical

Products

255

Search All CVEs →

1,123

Products (255)

fortios271 CVEs fortiweb124 CVEs fortiproxy118 CVEs fortimanager114 CVEs fortianalyzer93 CVEs forticlient87 CVEs fortisandbox60 CVEs fortimail46 CVEs fortiportal45 CVEs fortiadc44 CVEs fortisoar31 CVEs fortinac30 CVEs fortisiem29 CVEs fortimanager cloud27 CVEs fortipam25 CVEs fortivoice24 CVEs fortiwlm23 CVEs fortiauthenticator23 CVEs fortiswitchmanager19 CVEs fortinet antivirus18 CVEs fortianalyzer cloud17 CVEs fortitester16 CVEs fortiwan16 CVEs fortimanager firmware15 CVEs fortiswitch14 CVEs fortiwlc14 CVEs forticlientems13 CVEs fortianalyzer big data13 CVEs fortinac-f12 CVEs fortirecorder12 CVEs fortianalyzer firmware12 CVEs fortideceptor11 CVEs fortindr11 CVEs fortisase10 CVEs fortiisolator10 CVEs fortiap-w29 CVEs fortisandbox cloud9 CVEs fortiap7 CVEs fortiextender firmware7 CVEs fortiedr7 CVEs fortiddos-f7 CVEs fortiextender7 CVEs forticlient enterprise management server7 CVEs fortiap-u7 CVEs forticlient endpoint management server6 CVEs fortiap-s6 CVEs fortiadc firmware5 CVEs fortiddos5 CVEs fcm-mb405 CVEs fortirecorder firmware5 CVEs fcm-mb40 firmware5 CVEs fortidlp agent4 CVEs fortisra4 CVEs fortiwebmanager4 CVEs fortiaiops4 CVEs fortimanager 3000f3 CVEs fortimanager 2000e3 CVEs fortimanager 200d3 CVEs fortimanager 300e3 CVEs fortimanager 3900e3 CVEs fortimanager 400e3 CVEs fortitoken mobile3 CVEs fortibalancer 10003 CVEs fortibalancer 1000 firmware3 CVEs fortibalancer 20003 CVEs fortibalancer 2000 firmware3 CVEs fortibalancer 30003 CVEs fortibalancer 3000 firmware3 CVEs fortibalancer 4003 CVEs fortibalancer 400 firmware3 CVEs fortigate-3140b2 CVEs fortigate-3240c2 CVEs fortigate-20c2 CVEs fortiadc-4000d2 CVEs fortigate-200b2 CVEs fortigate-1240b2 CVEs fortigate-3810a2 CVEs fortisandbox paas2 CVEs fortigate-110c2 CVEs fortigate-3950b2 CVEs fortiadc-300e2 CVEs fortigaterugged-100c2 CVEs fortigate-100d2 CVEs fortigate-40c2 CVEs fortigate-5001a-sw2 CVEs fortigate-1000c2 CVEs fortiadc-200d2 CVEs fortiswitchaxfixed2 CVEs fortigate2 CVEs fortiadc-2000d2 CVEs fortigate-voice-80c2 CVEs fortiadc-1500d2 CVEs fortigate 60f2 CVEs fortiadc-1000e2 CVEs fortigate-5001b2 CVEs forticlientems cloud2 CVEs fortigate 40f2 CVEs fortigate-50202 CVEs forticlient sslvpn client2 CVEs fortigate-50602 CVEs fortigate-50b2 CVEs fortigate-5101c2 CVEs fortigate-5140b2 CVEs fortigate-600c2 CVEs fortiadc manager2 CVEs fortigate-60c2 CVEs fortigate-620b2 CVEs fortigate 3600e2 CVEs fortiap-c2 CVEs fortigate 3300e2 CVEs fortigate 2200e2 CVEs fortigate 1800f2 CVEs forticamera firmware2 CVEs fortiadc-600e2 CVEs antivirus engine2 CVEs fortigate-800c2 CVEs fortigate-80c2 CVEs fortigate-311b2 CVEs fortigate-310b2 CVEs fortios-6k7k2 CVEs fortios ips engine2 CVEs fortigate-3040b2 CVEs fortigate-300c2 CVEs fortipresence2 CVEs forticamera2 CVEs fortiadc-400e2 CVEs fsw-r-112d-poe1 CVEs meru1 CVEs meru firmware1 CVEs single sign on1 CVEs connect1 CVEs coyote point equalizer1 CVEs coyote point equalizer firmware1 CVEs fim-7901e1 CVEs fim-7904e1 CVEs fim-7910e1 CVEs fim-7920e1 CVEs fim-7921f1 CVEs fim-7941f1 CVEs fortiadc-700d1 CVEs fortiai1 CVEs fortiai 3500f1 CVEs fortiai firmware1 CVEs fortianalyzer-1000d1 CVEs fortianalyzer-2000b1 CVEs fortianalyzer-200d1 CVEs fortianalyzer-3000d1 CVEs fortianalyzer-300d1 CVEs fortianalyzer-4000b1 CVEs fortiauthenticator agent for microsoft outlook web access1 CVEs forticlient emergency management server1 CVEs forticlient host security1 CVEs forticlient lite1 CVEs forticlient ssl vpn1 CVEs forticlient virtual private network1 CVEs forticonverter1 CVEs fortidb1 CVEs fortiddos-cm1 CVEs fortiedrmanager1 CVEs fortifone softclient1 CVEs fortigate-10001 CVEs fortigate-1100e1 CVEs fortigate-200f1 CVEs fortigate-2600f1 CVEs fortigate-3500f1 CVEs fortigate-400e1 CVEs fortigate-600e1 CVEs fortigate-6300f1 CVEs fortigate-6300f-dc1 CVEs fortigate-6500f1 CVEs fortigate-6500f-dc1 CVEs fortigate-6501f1 CVEs fortigate-6501f-dc1 CVEs fortigate-6601f1 CVEs fortigate-6601f-dc1 CVEs fortigate-7030e1 CVEs fortigate-7040e1 CVEs fortigate-7060e1 CVEs fortigate-7121f1 CVEs fortigate 1000d1 CVEs fortigate 100e1 CVEs fortigate 100f1 CVEs fortigate 1100e1 CVEs fortigate 1500d1 CVEs fortigate 2000e1 CVEs fortigate 200e1 CVEs fortigate 3000d1 CVEs fortigate 3400e1 CVEs fortigate 3700d1 CVEs fortigate 3960e1 CVEs fortigate 3980e1 CVEs fortigate 400e1 CVEs fortigate 4200f1 CVEs fortigate 5001d1 CVEs fortigate 5001e1 CVEs fortigate 5001e11 CVEs fortigate 5053b1 CVEs fortigate 50601 CVEs fortigate 50e1 CVEs fortigate 5144c1 CVEs fortigate 60001 CVEs fortigate 600e1 CVEs fortigate 60e1 CVEs fortigate 6300f1 CVEs fortigate 6500f1 CVEs fortigate 70001 CVEs fortigate 7040e1 CVEs fortigate 7060e1 CVEs fortigate 7121f1 CVEs fortigate 80e1 CVEs fortigate 80f1 CVEs fortiguard antivirus1 CVEs fortiguest1 CVEs fortimail-2000b1 CVEs fortimail-200d1 CVEs fortimail-400c1 CVEs fortimail-5002b1 CVEs fortimail-vm20001 CVEs fortinet1 CVEs fortinet281 CVEs fortinet firewall1 CVEs fortinet single sign-on1 CVEs fortirecorder 100d1 CVEs fortirecorder 200d1 CVEs fortirecorder 400d1 CVEs fortisandbox firmware1 CVEs fortisdnconnector1 CVEs fortisiem windows agent1 CVEs fortisoar agent communication bridge1 CVEs fortisoar imap connector1 CVEs fortiweb manager1 CVEs fortiwlc-sd1 CVEs fpm-7620e1 CVEs fpm-7620f1 CVEs fpm-7630e1 CVEs fsw-1024d1 CVEs fsw-1048d1 CVEs fsw-108d-poe1 CVEs fsw-124d1 CVEs fsw-124d-poe1 CVEs fsw-224d-fpoe1 CVEs fsw-224d-poe1 CVEs fsw-248d-fpoe1 CVEs fsw-248d-poe1 CVEs fsw-3032d1 CVEs fsw-424d1 CVEs fsw-424d-fpoe1 CVEs fsw-424d-poe1 CVEs fsw-448d1 CVEs fsw-448d-fpoe1 CVEs fsw-448d-poe1 CVEs fsw-524d1 CVEs fsw-524d-fpoe1 CVEs fsw-548d1 CVEs fsw-548d-fpoe1 CVEs

Recent Vulnerabilities

View all 1,123 →

CVE-2026-49938MEDIUM 6.5

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <insert attack vector here>

CVE-2026-25089CRITICAL 9.8

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests

CVE-2025-67862MEDIUM 6.7

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.

CVE-2026-44279MEDIUM 5.5

A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to improper access control via <insert attack vector here>

CVE-2026-44278LOW 2.3

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>

CVE-2026-44277CRITICAL 9.8

A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.

CVE-2026-26083CRITICAL 9.8

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.

CVE-2026-25690MEDIUM 4.3

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests.

CVE-2026-25088MEDIUM 5.4

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

CVE-2025-67604MEDIUM 5.3

A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.

CVE-2025-53870MEDIUM 6.7

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command.

CVE-2025-53844HIGH 8.8

A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.

CVE-2025-53681HIGH 7.2

An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.

CVE-2025-53680MEDIUM 6.7

An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

CVE-2026-40688HIGH 7.2

An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests.

CVE-2026-39815HIGH 8.8

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests

CVE-2026-39814MEDIUM 6.7

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

CVE-2026-39813CRITICAL 9.8

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>

CVE-2026-39812MEDIUM 4.8

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

CVE-2026-39811MEDIUM 4.9

A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow attacker to denial of service via <insert attack vector here>

CVE-2026-39810MEDIUM 6.0

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.

CVE-2026-39809MEDIUM 6.7

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted requests

CVE-2026-39808CRITICAL 9.8

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

CVE-2026-27316LOW 2.7

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.

CVE-2026-25691MEDIUM 6.7

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests.